Monday, February 24, 2014

Privacy and service: Dropbox vs. your NAS (OwnCloud)

Just some rambling after reading through the comments on the Dropbox blog, after the change in the Terms of service:

I don't really like the idea of the NSA/CIA/ABC peeking at my family photos, but I decided that I can live with it. A good point in the posts was that it's everybody's own decision if this is something they can live with, or it's too much for them, in which case they should just stop using the service.

But I think two things were mixed together in the conversation, which are actually separate: the 'important' and the 'private' part. Both of these are up for individual choice, but they might (based on decision, again) get different treatment.

Example: my family photos are important to me; those moments can't be re-created. I want them to be safe. But they aren't really private (no nude shots of me, etc.), so no need to encrypt them, Uncle Sam can watch them for all I care. On the other hand, my bank/tax statements: they are decidedly less important to me, on a nice-to-have level, but I do consider them private: I encrypt them before storing them in the cloud.

Classifying every piece of your data is up to you: everything can be important and everything can be considered private. It's up to you how you deal with these cases technologically.

One of the arguments is that instead of using Dropbox/Google Drive/SkyDrive, people fire up their own NAS at home (there's this nice new product called OwnCloud, or you can go with good ol' FreeNAS). That's perfectly fine, we've loved NAS systems for the past 20 years, just 2 tiny issues:

- Just because it's your own computer on the Net, it's not a 100% secure. If Big Brother wants to, they'll find a way to break it;

- A NAS at home is not cloud. You are doing apples and oranges here, when you compare the services provided by them.

A bit detail on the second one:

If you go with the actual meaning of Cloud computing, not just calling everything cloud that's connected to the Net, you have a few important characteristics:

- Reliability: If it's your NAS box in your home with a one or two ISP uplinks, with or without a UPS to power it, it might not provide 99.999% uptime. Also, do you have an enterprise grade point-in-time backup system for it? Harddrives will fail, be ready. Somebody might break into your house (not a conspiracy, just a regular Joe) and take it.

- Maintenance: Don't forget to keep the firmware up to date, keep it dust free, replace harddrives as they fail.

- Security: let's not even go there.

- Scalability: you'll have a nice up front cost, and you might have to pay up to replace the harddrives with bigger ones again.

- Cost: economy of scale. Although storage is the worst use for cloud in this sense. With European energy prices, it costs a conservative $5 a month to run 30W of electric load. If harddrives fail every 5 years and they cost $120, that's $2.4 a month. I assume your NAS has at least 2 of them (you really don't want to run without RAID mirroring at least), that's $4.8. That's $9.8 a month total, with very basic maths, not calculating with time-value of money, ISP costs, etc.

- Device and location independence: with the new generation NAS software on the market, this is doable.

- Performance: minor issue, you might not want to host your NAS on a dialup or DSL connection, but otherwise it's okay.